Keep Americans' personal data safe -- delay ObamaCare exchanges

Just about every week Americans learn about another problem with ObamaCare.

Employer mandate? Delayed.

Small business health insurance market? Delayed.

Automatic enrollment? That’s right, delayed.

Study after study and expert after expert has sounded the alarm on ObamaCare’s failings and the monumental implementation challenges that go with it.

This shouldn’t come as much surprise given the size, scope and nature of the new law, which marks the largest expansion of government in generations.

On October 1st, ObamaCare’s health insurance exchanges -- the online marketplace where the uninsured are mandated to shop for healthcare coverage -- will go live.

Surely the central part of this mammoth law would not be given the green light until it was ready for prime time, right?

Sadly, the answer from the Obama administration is no.

Individuals signing up are required to provide personal information such as Social Security numbers, tax returns and household income information that will be entered into the Federal Data Services Hub (Data Hub) -- a new information sharing network that allows other state and federal agencies, including the Internal Revenue Service (IRS) and the Department of Homeland Security, to verify a person’s information.

The problem?

The information technology (IT) security designed to protect the private records of millions of Americans has only just been completed, leaving a mere two weeks for the workings of this complex system to be independently verified.

Last month the department of Health and Human Services Office of Inspector General (HHS-OIG) issued a report saying the federal government had failed to meet multiple deadlines for testing operations and reporting data security vulnerabilities involved with the Data Hub.

After members of Congress from both sides of the aisle warned the administration against launching a vulnerable system at the American people’s expense, miraculously on September 10th – poof! – the White House conveniently announced testing had been completed and the Data Hub was ready to launch.

While the administration may be convinced that their testing was sufficient and that the system is secure, there is still no time for an independent entity to verify the security operation or make recommendations to better safeguard and guarantee the privacy of consumers.

The repercussions of opening the exchanges with an unproven security system could be devastating, putting the personal and financial records of millions of Americans at the fingertips of data thieves.

Other government certified systems have already proven to be less than reliable in protecting personal information. Look no further than the accidental release by the IRS this past July of thousands of taxpayer Social Security numbers on its website

As President Reagan always said, "trust, but verify."

That’s why I’ve asked Congress’ non-partisan government watchdog, the Government Accountability Office (GAO), to provide a top to bottom review on the interoperability of the various systems that will be accessed as well as the security and privacy of the data being exchanged through the Data Hub.

Americans need to be confident their personal information is safe.

And, as if a questionable government IT security program weren’t bad enough, lax regulations regarding the hiring of navigators – those tasked with assisting the uninsured in determining what type of coverage they qualify for -- presents yet another fraud and theft threat to American consumers.

Wanting to ensure adequate safeguards were going to be put in place to guarantee consumers were not harmed by unqualified navigators or impostors posing as counselors or outreach personnel, a group of my colleagues and I wrote to HHS Secretary Sebelius on this issue back in June.

Unfortunately our request fell on deaf ears. We never received a response. And, in late July the department issued its final navigator rule, which disappointingly included weak privacy protections that cut corners on background checks, opening the door for private information to fall into the wrong hands.

Congress and the administration have said that combating waste, fraud, and abuse within federal healthcare programs must be a top priority. But, it’s clear the president’s new health law is shaping up to be every con-artist's dream come true.

The health insurance exchanges aren’t even open and fraudsters across the country are already lining up to game the system and prey on the innocent.

Top consumer watchdogs continue to warn of scams leading to rampant fraud and identity theft. The Federal Trade Commission even issued a consumer alert about a telemarketing scheme targeting seniors on Medicare. And, the list continues to grow.

While it’s my firm belief that ObamaCare should be fully repealed and replaced with common-sense reforms that will actually lower healthcare costs, we can’t stand on the sidelines and let the Administration potentially expose the personal data of millions of Americans to more fraud.

It’s imperative Americans have peace of mind that their privacy will be protected under this new law.

That’s why I plan to introduce legislation today, Tuesday, September 17, to delay enrollment for the both the federal and state health insurance exchanges until the GAO in consultation with the HHS OIG can attest that the necessary privacy and data security parameters are in place.

Until we can give the public a seal of approval on personal data security we should and we must delay the exchange enrollment. The American people deserve nothing less.

Republican Orrin Hatch represents Utah in the United States Senate and is Ranking Member of the Senate Finance Committee.